Purpose
To provide guidelines for the acceptable use of Labouré College of Healthcare information, computer, and network assets. All users of Labouré’s information assets and network resources are required to read this policy and agree to follow the guidelines listed.
Policy
Confidentiality
Maintain the confidentiality of information that you are permitted to access.
Our students, employees, and other parties with whom we do business entrust the College with important information relating to their personal and professional lives. In many instances, personal information is protected by state and federal law. It is our policy that all information considered confidential will not be disclosed to external parties or to employees without a “need to know.” Labouré College of Healthcare operates under the principle of least privilege; allowing employees access to only the information required to complete their job in a correct and efficient manner. If an employee questions whether certain information is considered confidential, they should first check with their immediate supervisor.
It is the policy and practice of Labouré College to maintain the highest standard of confidentiality regarding our students, employees, and visitors. All information, recorded or otherwise, pertaining to College students or personnel or your employment: past, present, and prospective, is confidential and should only be accessed by approved personnel during the course of their assigned responsibilities. Our expectation is that each of you in your capacity will adhere to the same standard of confidentiality regarding any information you have access to or work with.
Written Information Security Program
Labouré College of Healthcare is committed to protecting the confidentiality of all sensitive data that it maintains, including information about individuals who work or study at the College. Labouré College of Healthcare has implemented several policies to protect such information. The Written Information Security Program – IT 1.1 (“WISP”) applies to all Labouré College of Healthcare employees, whether full- or part-time, including faculty, administrative staff, contract, and temporary workers, interns, and student employees, as well as to all other members of the Labouré College community (hereafter referred to as the “Community”). This program also applies to certain contracted third-party vendors and/or hired consultants. The data covered by this Program includes any information stored, accessed, or collected at the College or for College operations. The WISP is in addition to and in support of other Labouré College of Healthcare policies that contain more specific requirements for safeguarding certain types of data. The WISP is intended as a set of comprehensive guidelines and policies designed to safeguard all confidential and restricted data maintained at the College, and to comply with applicable laws and regulations on the protection of Personal Information. The entire WISP and related policies may be found on the College drive as well as the IT Website (IT.laboure.edu).
Electronic Communication and Internet Use
The following guidelines have been established for using the Internet, College-provided information technology assets, and e-mail in an appropriate, ethical and professional manner:
• Internet, College-provided equipment (e.g., cell phone, laptops, and computers), accounts, and services may not be used for transmitting, retrieving, or storing any communications of a defamatory, discriminatory, harassing, or pornographic nature.
• The following actions are forbidden: using disparaging, abusive, profane or offensive language; creating, viewing or displaying materials that might adversely or negatively reflect upon Labouré College of Healthcare or be contrary to the College’s best interests; and engaging in any illegal activities, including piracy, cracking, extortion, blackmail, copyright infringement, and unauthorized access of any computers and College-provided equipment such as cell phones and laptops.
• Employees may not copy, retrieve, modify or forward copyrighted materials, except with permission or as a single copy to reference only. See Copyrighted Software Policy – IT 1.12 for more detail.
• Employees must not use the system in a way that disrupts its use by others.
Employees must not use personal storage devices (e.g. USB thumb drives/memory sticks) on College provided computers. If there is a need to transfer information using this method, please see the IT Department for an authorized USB drive that will encrypt information stored on it.
• Employees should not open suspicious e-mails, pop-ups, or downloads. Contact IT with any questions or concerns to reduce the release of viruses or to contain viruses immediately. See Email Policy – IT 1.3
• Internal and external e-mails are considered business records and may be subject to discovery in the event of litigation. Be aware of this possibility when sending e-mail within and outside the College.
Right to Monitor All College-supplied technology, accounts, and related work records belong to the College and not to the employee. Labouré College of Healthcare may routinely monitor the use of College-supplied technology and accounts. Inappropriate or illegal use or communications may be subject to disciplinary action up to and including termination of employment.
Employees are required to report all information and cyber security incidents. See Information Security Incident Response Policy – IT 1.6
Social Media—Acceptable Use
The College understands the importance of social computing, networking, and social media in today’s world. Social media sites like Facebook, LinkedIn, Instagram, TikTok, and Twitter are all very popular. Social media can also take other forms, too, such as blogs, wikis, file sharing sites, forums, discussion groups, and chat rooms. Social Media can be an extremely effective way of marketing our College and expanding our interactions with students, alumni, employees, vendors, and customers. While embracing new technologies, we also want to make sure that the College and our employees engage in social networking in a responsible manner. This policy provides guidance on how to engage in social networking in a way to protect yourself and the interests of the College, its employees, vendors, and customers. These guidelines supplement current College policies.
- Social Networking Sites Should Not Be Considered Private. Generally, information posted on social networking sites should be considered public and you should expect that even with your use of certain privacy settings what you post or send on social networking sites will be seen by others outside your intended group of viewers.
- College Policies Still Apply/Monitoring. College policies still apply when using social media sites. Rules prohibiting the unlawful harassment of co-workers, for example, still apply to your online activities. We may monitor employee social media communications to ensure compliance with College policies.
- Use Common Sense/Think before you Post. You are responsible for the content you publish on social media sites. What you post could be online for a long time. As a representative of the College, always consider how your comments will be viewed considering protecting and enhancing both the College’s reputation and your own.
- Respect Others. Be respectful to fellow employees, customers, vendors, and competitors. Do not post defamatory or disparaging comments about the College or its services, products, management, or employees.
- Protect confidential information. Respect the privacy of customers, vendors, and employees. Do not share or disclose confidential or proprietary information. You should always obtain permission before posting sensitive information related to colleagues, employees, and other third parties (e.g., compromising pictures or other information that was intended to be private).
- Be clear about who you are speaking for. Only authorized employees may communicate information on behalf of the College. Without permission, you are not authorized to make statements, comments, or press releases on behalf of the College. You should make clear that you are speaking for yourself and not on behalf of the College. In some instances, it may be appropriate to add in this language: “The views expressed on this ‘site’ are my own and do not reflect the views and opinions of Labouré College of Healthcare.”
- Use your own email address. Always use your personal email address and not your Labouré College of Healthcare email address as your means of contact or identification. Your College email address is property of the college and should not be used for personal communication or subscriptions.
- Respect copyrights, trademarks, and fair use. Remember to respect the copyrighted materials owned by others, and reference the sources you use. Never distribute copyrighted materials (such as videos, photos, books, etc.) online as copyright infringement and plagiarism laws apply to posts on the Internet. College logos and trademarks may not be used without the College’s permission.
- Stay Productive. Social media participation can be productive and beneficial both personally and professionally. However, ensure that such personal activities do not interfere with your work activities. Social media sites should not be used during work times except for business-related activities.
- Use social networking safely. Always review the applicable privacy and security settings so that you understand how much or little information you are comfortable sharing.
This policy is not intended to infringe upon an employee’s right to engage in protected concerted activity under 29 U.S.C. sec. 157. Employees have the right to discuss terms and conditions of employment and mutual work-related concerns.
If you have any questions about this policy or any issues surrounding social media, please contact the College’s Human Resources department.
Accessing Information Assets
As a user of sensitive data, you are aware of the importance of protecting this data by means of passwords. It is necessary, therefore, that you never write passwords, or share a password to anyone by phone or e-mail. It is also essential that you never share your password with another person, nor that you log in under your password and allow another person to access a computer system. All users must obtain their own account and password. Passwords are provided to authorized users only and only such authorized users should have access to a system.
All authorized users of the college network will be given a system account and password which is used to connect to the network. All authorized users of the other software on the network will also be given appropriate passwords which permit access to certain parts of the software depending on the user’s needs.
The system software automatically requires users to change their passwords periodically. You may not use the previous five passwords. See User Authentication and Password Control Policy – IT 1.5.
Enforcement
Any employee found to have violated this policy or the associated policies listed in this document may be subject to disciplinary action, up to and including termination of employment.